Microsoft to host cloud data in Germany to hide data from US spies

Microsoft is opening new data centers in Germany to allow European customers to hide their digital information from US government surveillance. The new data centers will open in late 2016 and will be operated by a subsidiary of Deutsche Telekom. However, The Financial Times notes that customers will have to pay extra to store their data in this way. “These new data centre regions will enable customers to use the full power of Microsoft’s cloud in Germany […] and ensure that a German company retains control of the data,” said Microsoft CEO Satya Nadella at a press conference in Berlin this morning.

The announcement is the latest move in an ongoing battle between US tech companies and the American government over access to foreign-held data. Companies like Microsoft and Google want to retain the trust of their users after the Snowden revelations, but have to contend with American police and spy agencies who want the same privileged access they’ve always enjoyed. An ongoing legal battle between Microsoft and a New York court exemplifies the debate, with the US authorities demanding access to the emails of an American citizen stored in Ireland and Microsoft refusing to hand over the data.

Although Microsoft could still lose in this particular case, opening new data centers in Germany will provide a future safeguard against US demands for data. The company has also announced plans for new data centers in the UK, but Germany’s data-protection laws are some of the most rigorous in Europe. By placing its data centers under the control of a Germany company as a “data trustee,” Microsoft is forcing any requests for information to be routed through Germany authorities.

It’s an approach that’s comparable to Apple’s use of encryption that even the iPhone-maker can’t break — theoretically taking away the option of government authorities forcing the company to give up users’ data. However, none of these tactics are ever completely secure. For example, the Snowden revelations showed that despite Europe’s outward desire for data sovereignty, many local spy agencies still funneled European citizens’ data to the NSA. Paul Miller, an analyst for Forrester, notes that although Microsoft is confident in the security of German servers, this arrangement has yet to be tested in the courts. “To be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal,” said Miller.

More importantly, though, Microsoft’s decision could end up affecting more than just its own users. If the German trustee model becomes a recognized standard for data security, then customers of other cloud computing firms like Google and Amazon could demand similar arrangements. EU officials might also be emboldened by the move. Last month, the EU Court of Justice invalidated the longstanding Safe Harbor treaty allowing US companies to send data on European citizens back to America. The treaty is currently being renegotiated, and Microsoft’s support for the data trustee model could feed into these debates.